CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive acces...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Security and communication networks 2017-01, Vol.2017 (2017), p.1-13
Hauptverfasser: Helil, Nurmamat, Rahman, Kaysar
Format: Artikel
Sprache:eng
Schlagworte:
Access control
Algorithms
Cloud computing
Conflicts of interest
Data storage
Datasets
Encryption
Object recognition
Security management
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 13
container_issue 2017
container_start_page 1
container_title Security and communication networks
container_volume 2017
creator Helil, Nurmamat
Rahman, Kaysar
description CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up.
doi_str_mv 10.1155/2017/2713595
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2455786236</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2455786236</sourcerecordid><originalsourceid>FETCH-LOGICAL-c360t-2c8e19bf6a41bd4674e28fe1bb231420b345abc61f2db291d520c79f6a62e4663</originalsourceid><addsrcrecordid>eNqF0FtLwzAUB_AiCs7pm88S8FHrkpNL28dZ5wUGDqbPJU1TlrGlM8kc-_a2dF7efDoXfpwD_yi6JPiOEM5HgEkygoRQnvGjaEAymsWYABz_9ISdRmfeLzEWhCVsENl8Fo_vJ2islPYe5Y0NrlmhuVrotUZ149BcW2-C-dToQQbZjqFTPjhpbEA7Exbo2VSVtt83Zs3KqD2StvoL--15dFLLldcXhzqM3h8nb_lzPH19esnH01hRgUMMKtUkK2shGSkrJhKmIa01KUughAEuKeOyVILUUJWQkYoDVknWegGaCUGH0XV_d-Oaj632oVg2W2fblwUwzpNUAO3Uba-Ua7x3ui42zqyl2xcEF12iRZdocUi05Tc9XxhbyZ35T1_1WrdG1_JXA4aUpvQLAoZ-Vg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2455786236</pqid></control><display><type>article</type><title>CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy</title><source>Wiley Online Library Open Access</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Helil, Nurmamat ; Rahman, Kaysar</creator><contributor>Li, Huaizhi</contributor><creatorcontrib>Helil, Nurmamat ; Rahman, Kaysar ; Li, Huaizhi</creatorcontrib><description>CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up.</description><identifier>ISSN: 1939-0114</identifier><identifier>EISSN: 1939-0122</identifier><identifier>DOI: 10.1155/2017/2713595</identifier><language>eng</language><publisher>Cairo, Egypt: Hindawi Publishing Corporation</publisher><subject>Access control ; Algorithms ; Cloud computing ; Conflicts of interest ; Data storage ; Datasets ; Encryption ; Object recognition ; Security management</subject><ispartof>Security and communication networks, 2017-01, Vol.2017 (2017), p.1-13</ispartof><rights>Copyright © 2017 Nurmamat Helil and Kaysar Rahman.</rights><rights>Copyright © 2017 Nurmamat Helil and Kaysar Rahman. This is an open access article distributed under the Creative Commons Attribution License (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. https://creativecommons.org/licenses/by/4.0</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c360t-2c8e19bf6a41bd4674e28fe1bb231420b345abc61f2db291d520c79f6a62e4663</citedby><cites>FETCH-LOGICAL-c360t-2c8e19bf6a41bd4674e28fe1bb231420b345abc61f2db291d520c79f6a62e4663</cites><orcidid>0000-0001-9215-8638</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><contributor>Li, Huaizhi</contributor><creatorcontrib>Helil, Nurmamat</creatorcontrib><creatorcontrib>Rahman, Kaysar</creatorcontrib><title>CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy</title><title>Security and communication networks</title><description>CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up.</description><subject>Access control</subject><subject>Algorithms</subject><subject>Cloud computing</subject><subject>Conflicts of interest</subject><subject>Data storage</subject><subject>Datasets</subject><subject>Encryption</subject><subject>Object recognition</subject><subject>Security management</subject><issn>1939-0114</issn><issn>1939-0122</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2017</creationdate><recordtype>article</recordtype><sourceid>RHX</sourceid><sourceid>BENPR</sourceid><recordid>eNqF0FtLwzAUB_AiCs7pm88S8FHrkpNL28dZ5wUGDqbPJU1TlrGlM8kc-_a2dF7efDoXfpwD_yi6JPiOEM5HgEkygoRQnvGjaEAymsWYABz_9ISdRmfeLzEWhCVsENl8Fo_vJ2islPYe5Y0NrlmhuVrotUZ149BcW2-C-dToQQbZjqFTPjhpbEA7Exbo2VSVtt83Zs3KqD2StvoL--15dFLLldcXhzqM3h8nb_lzPH19esnH01hRgUMMKtUkK2shGSkrJhKmIa01KUughAEuKeOyVILUUJWQkYoDVknWegGaCUGH0XV_d-Oaj632oVg2W2fblwUwzpNUAO3Uba-Ua7x3ui42zqyl2xcEF12iRZdocUi05Tc9XxhbyZ35T1_1WrdG1_JXA4aUpvQLAoZ-Vg</recordid><startdate>20170101</startdate><enddate>20170101</enddate><creator>Helil, Nurmamat</creator><creator>Rahman, Kaysar</creator><general>Hindawi Publishing Corporation</general><general>Hindawi</general><general>Hindawi Limited</general><scope>ADJCN</scope><scope>AHFXO</scope><scope>RHU</scope><scope>RHW</scope><scope>RHX</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><orcidid>https://orcid.org/0000-0001-9215-8638</orcidid></search><sort><creationdate>20170101</creationdate><title>CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy</title><author>Helil, Nurmamat ; Rahman, Kaysar</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c360t-2c8e19bf6a41bd4674e28fe1bb231420b345abc61f2db291d520c79f6a62e4663</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Access control</topic><topic>Algorithms</topic><topic>Cloud computing</topic><topic>Conflicts of interest</topic><topic>Data storage</topic><topic>Datasets</topic><topic>Encryption</topic><topic>Object recognition</topic><topic>Security management</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Helil, Nurmamat</creatorcontrib><creatorcontrib>Rahman, Kaysar</creatorcontrib><collection>الدوريات العلمية والإحصائية - e-Marefa Academic and Statistical Periodicals</collection><collection>معرفة - المحتوى العربي الأكاديمي المتكامل - e-Marefa Academic Complete</collection><collection>Hindawi Publishing Complete</collection><collection>Hindawi Publishing Subscription Journals</collection><collection>Hindawi Publishing Open Access</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection (ProQuest)</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Advanced Technologies &amp; Aerospace Database</collection><collection>ProQuest Advanced Technologies &amp; Aerospace Collection</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><jtitle>Security and communication networks</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Helil, Nurmamat</au><au>Rahman, Kaysar</au><au>Li, Huaizhi</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy</atitle><jtitle>Security and communication networks</jtitle><date>2017-01-01</date><risdate>2017</risdate><volume>2017</volume><issue>2017</issue><spage>1</spage><epage>13</epage><pages>1-13</pages><issn>1939-0114</issn><eissn>1939-0122</eissn><abstract>CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up.</abstract><cop>Cairo, Egypt</cop><pub>Hindawi Publishing Corporation</pub><doi>10.1155/2017/2713595</doi><tpages>13</tpages><orcidid>https://orcid.org/0000-0001-9215-8638</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1939-0114
ispartof Security and communication networks, 2017-01, Vol.2017 (2017), p.1-13
issn 1939-0114
1939-0122
language eng
recordid cdi_proquest_journals_2455786236
source Wiley Online Library Open Access; EZB-FREE-00999 freely available EZB journals
subjects Access control
Algorithms
Cloud computing
Conflicts of interest
Data storage
Datasets
Encryption
Object recognition
Security management
title CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T01%3A00%3A45IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=CP-ABE%20Access%20Control%20Scheme%20for%20Sensitive%20Data%20Set%20Constraint%20with%20Hidden%20Access%20Policy%20and%20Constraint%20Policy&rft.jtitle=Security%20and%20communication%20networks&rft.au=Helil,%20Nurmamat&rft.date=2017-01-01&rft.volume=2017&rft.issue=2017&rft.spage=1&rft.epage=13&rft.pages=1-13&rft.issn=1939-0114&rft.eissn=1939-0122&rft_id=info:doi/10.1155/2017/2713595&rft_dat=%3Cproquest_cross%3E2455786236%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2455786236&rft_id=info:pmid/&rfr_iscdi=true